<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
	<title>OpenID Connect authentication | ElasticSearch 7.7 权威指南中文版</title>
	<meta name="keywords" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <meta name="description" content="ElasticSearch 权威指南中文版, elasticsearch 7, es7, 实时数据分析，实时数据检索" />
    <!-- Give IE8 a fighting chance -->
    <!--[if lt IE 9]>
    <script src="https://oss.maxcdn.com/html5shiv/3.7.2/html5shiv.min.js"></script>
    <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
    <![endif]-->
	<link rel="stylesheet" type="text/css" href="../static/styles.css" />
	<script>
	var _link = 'oidc-realm.html';
    </script>
</head>
<body>
<div class="main-container">
    <section id="content">
        <div class="content-wrapper">
            <section id="guide" lang="zh_cn">
                <div class="container">
                    <div class="row">
                        <div class="col-xs-12 col-sm-8 col-md-8 guide-section">
                            <div style="color:gray; word-break: break-all; font-size:12px;">原英文版地址: <a href="https://www.elastic.co/guide/en/elasticsearch/reference/7.7/oidc-realm.html" rel="nofollow" target="_blank">https://www.elastic.co/guide/en/elasticsearch/reference/7.7/oidc-realm.html</a>, 原文档版权归 www.elastic.co 所有<br/>本地英文版地址: <a href="../en/oidc-realm.html" rel="nofollow" target="_blank">../en/oidc-realm.html</a></div>
                        <!-- start body -->
                  <div class="page_header">
<strong>重要</strong>: 此版本不会发布额外的bug修复或文档更新。最新信息请参考 <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" rel="nofollow">当前版本文档</a>。
</div>
<div id="content">
<div class="breadcrumbs">
<span class="breadcrumb-link"><a href="index.html">Elasticsearch Guide [7.7]</a></span>
»
<span class="breadcrumb-link"><a href="secure-cluster.html">Secure a cluster</a></span>
»
<span class="breadcrumb-link"><a href="setting-up-authentication.html">User authentication</a></span>
»
<span class="breadcrumb-node">OpenID Connect authentication</span>
</div>
<div class="navheader">
<span class="prev">
<a href="native-realm.html">« Native user authentication</a>
</span>
<span class="next">
<a href="pki-realm.html">PKI user authentication »</a>
</span>
</div>
<div class="section xpack">
<div class="titlepage"><div><div>
<h2 class="title">
<a id="oidc-realm"></a>OpenID Connect authentication<a class="edit_me edit_me_private" rel="nofollow" title="Editing on GitHub is available to Elastic" href="https://github.com/elastic/elasticsearch/edit/7.7/x-pack/docs/en/security/authentication/oidc-realm.asciidoc">edit</a><a class="xpack_tag" href="https://www.elastic.co/subscriptions"></a>
</h2>
</div></div></div>
<p>The OpenID Connect realm enables Elasticsearch to serve as an OpenID Connect Relying
Party (RP) and provides single sign-on (SSO) support in Kibana.</p>
<p>It is specifically designed to support authentication via an interactive web
browser, so it does not operate as a standard authentication realm. Instead,
there are Kibana and Elasticsearch security features that work together to enable
interactive OpenID Connect sessions.</p>
<p>This means that the OpenID Connect realm is not suitable for use by standard
REST clients. If you configure an OpenID Connect realm for use in Kibana, you
should also configure another realm, such as the <a class="xref" href="native-realm.html" title="Native user authentication">native realm</a>
in your authentication chain.</p>
<p>In order to simplify the process of configuring OpenID Connect authentication
within the Elastic Stack, there is a step-by-step guide: <a class="xref" href="oidc-guide.html" title="Configuring single sign-on to the Elastic Stack using OpenID Connect"><em>Configuring single sign-on to the Elastic Stack using OpenID Connect</em></a>.</p>
</div>
<div class="navfooter">
<span class="prev">
<a href="native-realm.html">« Native user authentication</a>
</span>
<span class="next">
<a href="pki-realm.html">PKI user authentication »</a>
</span>
</div>
</div>

                  <!-- end body -->
                        </div>
                        <div class="col-xs-12 col-sm-4 col-md-4" id="right_col">
                        
                        </div>
                    </div>
                </div>
            </section>
        </div>
    </section>
</div>
<script src="../static/cn.js"></script>
</body>
</html>